Does TPM/Secure Boot have any effect on OS or game performance?

Recently I went digging through my BIOS to enable those settings in preparation for the official Windows 11 launch later this year. If "DirectStorage" ends up being restricted to Win11 then seems to me I've gotta make the jump and at a glance some of the UI changes seem nice to me.

One thing I'm wondering about though is the title -- namely do these security settings negatively impact performance in some way? In my BIOS they were both Disabled by default and I've heard here and there that certain software fixes for various security flaws have negatively impacted performance to some extent in the past so I wondered.

If there is some potential negative effect then perhaps best to leave them OFF til Win11 actually rolls out, but if not then I'd rather just go ahead and leave them enabled for an easy upgrade later. Thanks!

 

my understanding the hit to performance is on boot? but when i was messing with stuff i say no hit to boot performance, gaming i dont know as i just turned it all off no point even having it on even it supported if my cpu is not supported

 

no, tpm and secure bot alone don't affect gaming performance. Bitlocker can (different performance impact on same drive depending on bitlocker method used).

 

Thanks!

 

Disabling csm you have can use ultra fast/fast boot so if nothing it can even speed up boot time. Nothing to do with OS performance tho.

 

As others have said, no just enabling them won't hurt general use.

What could have an impact is if they actually do force the virtualisation based security with Windows 11 or not, indications are they they will be doing so.
(This is why TPM is potentially going to be required)

Effectively the OS would run behind a HyperV VM, how much this on its own could hamper system performance I'm not sure but there would be some impact.

Our work devices use VBS in Windows 10, now admittedly we have a crap ton of other monitoring software on them too but their performance isn't close to how a vanilla Windows 10 install behaves on the same hardware.

Edit: Thinking about it, you could do this in Windows 10 by enabling Core Isolation -> Memory Integrity in Defender. Or enable App Guard or Windows Hypervisor Platform in the additional Windows Features which I believe enable VBS on your machine (if suitable) to test any impact.

 

That's really interesting, in that case I definitely hope they don't put the OS behind a VM lol

 

conceptually an OS is a VM.adding a deeper hypervisor like they did first on XB1 would not make great sense on PC.

 

Never noticed any on my system and I've always had TPM enabled.

 

I find this somehow related:
https://mobile.twitter.com/XMPPwocky/status/1420527243172868097

So enabling TPM is a security issue.

 

lol

 

It can prevent the random bob wiping some crap on closed devices.. but yeah they didn't solve anything from 1.2 to 2.0

 

That's more a problem for corporate IT departments than the common user. The message is pretty simple though. Don't trust a system that has been "configured" by someone outside of your corporate IT department, or that has been handled by someone outside of your corporate IT department.

 

Dunno man, the more I read what you wrote, the more it feels like Microsoft's end game.

 

it' doesn't make sense, that on xbox was meant for separate core OS resource for foreground game, keeping console os responsive. and it worked. you cannot do this on a PC, too many variables and different shits. TPM isn't needed at all also for this. TPM outside preventing random bad guys accessing your data after stealing your laptop when you fool around outside home is completely useless, and it can be bypassed with the right tools since the master keys pass on clear in part of the circuit path at 33.33Mhz (biggest hole still not fixed since 1.x). The alternative is using FTPM on the CPU, which means you are ****** if you need to change the CPU without disabled it.

 

A couple months ago, I swapped from Ryzen 5 1600AE to Ryzen 5 2600 without disabling TPM.....no issues at all.
A couple days ago, I swapped from a Ryzen 5 2600 to a Ryzen 5 3600 without disabling TPM.....no issues at all.
I'd expect that you'd run into issues if you're actually using the TPM for something like, say, Bitlocker or you have Core Isolation enabled....but simply having the TPM enabled when swapping processors doesn't seem to make any difference. At least with AMD's fTPM. I personally go for the bare minimum with fTPM.

 

If you dont depend on the TPM then it doesnt matter. As almost always I would guess ...

 

I considered actually putting my TPM to use, until the article you linked to above came along.... After that, I was like "ehh....screw it...."

 

I understand why that would affect a physical TPM chip, but that doesn't seem like it would work on an fTPM. Though I could be mistaken.

 

According to The Verge *shrug* MS has laxed the requirements for most processors/systems now, just unofficially. I assume this news will make FP soon. I might rethink installing 11 on my main now, instead of waiting.